What things I need to consider before applying FTPS only on webapps? (certs, https only, etc.)

Question

I am looking to implement FTPS only on some webapps. But, I am not sure what prerequisites it need to match for that. Specifically, does the App need to have any SSL cert on its domain for enabling FTPS?, or that cert is separate than FTPS and microsoft will take care of the cert for FTPS in backend??

Apart from cert, what other things need to be considered?

We are using ftp for deployment, and currently it is All Allowed, so want to make it FTPS only.

Answer 1

Hi @Harshit Z Kothari here are the key things to consider when implementing FTPS only for deployments to Azure App Service web apps:

• You do not need an existing SSL certificate on the web app domain. Azure manages a certificate for FTPS on the backend automatically.
• In the Azure portal, go to the web app > Configuration > General settings. Change FTPS state to "On" and disable plain FTP.
• Go to Deployment Center and reconfigure deployment sources to use FTPS instead of FTP. Provide the FTPS credentials.
• The FTPS hostname will use the format <app-name>.ftp.azurewebsites.net
• By default FTPS uses port 21 but you can change this if needed.
• Ensure your FTPS client supports implicit SSL mode. Explicit SSL is not supported.
• FTPS credentials are different than deployment credentials. You may need to reset the FTPS password.
• No other changes needed to web app configuration when switching from FTP to FTPS.
• Consider IP restrictions to limit FTPS access.

-If using FTPS Only, you must enforce TLS 1.2 or higher by navigating to the TLS/SSL settings blade of your web app. TLS 1.0 and 1.1 are not supported with FTPS Only

Hope this helps! If you have further questions let us know

Best,

Grace